/[Apache-SVN]
ViewVC logotype

Revision 1549529

Jump to revision: Previous Next
Author: markt
Date: Mon Dec 9 10:05:56 2013 UTC (10 years, 4 months ago)
Changed paths: 27
Log Message: 
Add an option to the Context to control the blocking of XML external entities when parsing XML configuration files and enable this blocking by default when a security manager is used. The block is implemented via a custom resolver to enable the logging of any blocked entities.
This is the fix for CVE-2013-4590.

Changed paths

Path Details
Directorytomcat/tc7.0.x/trunk/ modified , props changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/Context.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/Globals.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/ant/ValidatorTask.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/core/StandardContext.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/startup/ContextConfig.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/startup/FailedContext.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/startup/TldConfig.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/jasper/Constants.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspConfig.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/JspDocumentParser.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TagPluginManager.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/jasper/compiler/TldLocationsCache.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/jasper/xmlparser/ParserUtils.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/descriptor/DigesterFactory.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/descriptor/LocalResolver.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/descriptor/LocalStrings.properties modified , text changed
Directorytomcat/tc7.0.x/trunk/test/javax/servlet/resources/TestSchemaValidation.java modified , text changed
Directorytomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java modified , text changed
Directorytomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/descriptor/TestLocalResolver.java modified , text changed
Directorytomcat/tc7.0.x/trunk/webapps/docs/changelog.xml modified , text changed
Directorytomcat/tc7.0.x/trunk/webapps/docs/config/context.xml modified , text changed
Directorytomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml modified , text changed
infrastructure at apache.org
 ViewVC Help
Powered by ViewVC 1.1.26